Have you met me? Are we acquainted, either in real life or in social media, or even just had a passing exchange at some point via email? If so, congratulations – you are now connected to a 9/11 mastermind, and the NSA probably knows it.

I am not, of course, a 9/11 mastermind, nor have I been personally acquainted with anyone who was. In fact, by the time I learned of this connection, 9/11 had long since happened and Mohamed Atta was long since dead. But I have a friend in Germany who has a friend who was at the same college in Hamburg that Atta attended, and now, by the NSA’s logic, we are all tainted by the association.

Which is complete and utter nonsense, of course. Mere acquaintance (even when not so attenuated) is not a proxy for influence. Even friendship itself is not a proxy for influence. Relationships between people are many and nuanced and the simple knowledge of one person by another (or even a close social or familial tie) in no way connotes endorsement of every, or even any, aspect of one’s life by the other. Unfortunately the NSA doesn’t seem to realize this (or, more likely, doesn’t care).

It’s also just as wrong to attempt to derive meaning from these connections because it turns out we are all connected. There is a reason we play “Six Degrees of Separation,” because it reveals the miracle of how upwards of seven billion people spread out on a planet surface of nearly 200 million square miles share this nonetheless pretty small world after all.

Obviously some people share in it more constructively than others. There are some who would choose to do violence to it. But not all of us, or even most of us, and in mapping all of our connections so indiscriminately we are all treated with the same suspicion and surveillance as the few actual bad actors. The NSA might argue that such surveillance of our interconnectivity is necessary to “discover and track” these bad actors, but by putting all of our lives under such scrutiny the NSA presumptively treats the innocent as equally guilty by association.

But even if these programs are consistent with either their enabling statutory language or previous Fourth Amendment case law, it is not at all clear that they are consistent with either the spirit or bare language of the Fourth Amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Over time, on a case by case basis specific to the facts before them, courts have whittled away at what we might understand the Fourth Amendment to protect. Which is unfortunate, because on its face it would appear to protect quite a bit of personal privacy from government intrusion, except under very narrow circumstances. But as we learn more about these surveillance programs we see how, even if “legal,” they intrude upon that privacy, and in a way that essentially destroys all vestiges of it for everyone, criminal (or foreign) or not.

I was interviewed yesterday about my concerns for the new Golden Gate Bridge toll system. Like an increasing number of other roadways, as of this morning the bridge will have gone to all-electronic tolling and done away with its human toll-takers, ostensibly as a cost-cutting move. But while it may save the Bridge District some money on salaries, at what cost does it do so to the public?

With the toll-takers bridge users could pay cash, anonymously, whenever they wanted to use the bridge. Fastrak, the previous electronic toll system, has also been an option for the past several years, offering a discount to bridge users who didn’t mind having their travel information collected, stored, and potentially accessed by others in exchange for some potential expediency. But now bridge users will either have to use Fastrak, or agree to have their license plates photographed (and thereby have their travel information collected, stored, and potentially accessed by others) and then compared to DMV records in order to then be invoiced for their travels.Continue reading »

I’ve written before about the balance privacy laws need to take with respect to the data aggregation made possible by the digital age. When it comes to data aggregated or accessed by the government, on that front law and policy should provide some firm checks to ensure that such aggregation or access does not violate people’s Fourth Amendment right “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Such limitations don’t forever hobble legitimate investigations of wrongdoing; they simply require adequate probable cause before the digital records of people’s lives be exposed to police scrutiny. You do not need to have something to hide in order not to want that.

But all too often when we demand that government better protect privacy it’s not because we want the government to; on the contrary, we want it to force private parties to. Which isn’t to say that there is no room for concern when private parties aggregate personal data. Such aggregations can easily be abused, either by private parties or by the government itself (which tends to have all too easy access to it). But as this recent article in the New York Times suggests, a better way to construct the regulation might be to focus less on how private parties collect the data and more on the subsequent access to and use of the data once collected, since that is generally from where any possible harm could flow. The problem with privacy regulation that is too heavy-handed in how it allows technology to interact with data is that these regulations can choke further innovation, often undesirably. As a potential example, although mere speculation, this article suggests that Google discontinued its support for its popular Google Reader product due to the burdens of compliance with myriad privacy regulations. Assuming this suspicion is true — but even if it’s not — while perhaps some of this regulation vindicates important policy values, it is fair to question whether it does so in a sufficiently nuanced way so that it doesn’t provide a disincentive for innovators to develop and support new products and technologies. If such regulation is having that chilling effect, we may reasonably want to question whether these enforcement mechanisms have gone too far.

Meanwhile public outcry has largely been ignoring much more obvious and dangerous incursions into their privacy rights done by government actors, a notable example of which will be discussed in the following post.

Maybe there’s more TSA news breaking these days. Or maybe it’s just that I’m noticing it more. Whatever the reason, on the heels of the last post I have some new items to add. But maybe it makes sense to begin by explaining what this topic is doing on this technology blog.Continue reading »

This upcoming week’s Quicklinks was starting to have quite a few examples related to aviation safety, so I thought I’d distill them into one post. There is likely universal agreement: we want to be able to travel through the air safely. There is not, however, agreement on what sort of public policy is necessary to ensure such an outcome.

Even regarding the same safety issues there’s not consensus. For example, passengers are forbidden from using certain portable electronics during takeoffs and landings for fear they’d cause electromagnetic interference that could disable the plane’s instruments. Unfortunately, whether that is a valid concern or a modern old wives’ tale is still subject to debate. This article in the New York Times Bits blog ran some tests on various objects and noted that they did not seem to emit interference that would approach dangerous levels, even in the aggregate. On the other hand, it’s worth reading this recent article from Salon.com’s Ask the Pilot columnist Patrick Smith as a counterpoint. He notes that even a minor blip in airplane instrument functionality could be risky, but moreover, the other reason to ban such devices during these periods is because they can become dangerous projectiles in case of emergency. Sure, he observes, so can books, which aren’t banned, but if one is going to draw a line somewhere this could be a reasonable place.

EPIC has filed a Freedom of information Act lawsuit against the Department of Homeland Security to force disclosure of the details of the agency’s social network monitoring program. In news reports and a Federal Register notice, the DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies.The legal authority for the DHS program remains unclear. EPIC filed the lawsuit after the DHS failed to reply to an April 2011 FOIA request. For more information, see EPIC: Social Networking Privacy.

“We are not the Airport Security Administration,” said Ray Dineen, the air marshal in charge of the TSA office in Charlotte. “We take that transportation part seriously.”

The TSA’s 25 “viper” teams — for Visible Intermodal Prevention and Response — have run more than 9,300 unannounced checkpoints and other search operations in the last year. Department of Homeland Security officials have asked Congress for funding to add 12 more teams next year.

According to budget documents, the department spent $110 million in fiscal 2011 for “surface transportation security,” including the TSA’s viper program, and is asking for an additional $24 million next year. That compares with more than $5 billion for aviation security.

TSA officials say they have no proof that the roving viper teams have foiled any terrorist plots or thwarted any major threat to public safety. But they argue that the random nature of the searches and the presence of armed officers serve as a deterrent and bolster public confidence.

“We have to keep them [terrorists] on edge,” said Frank Cilluffo, director of the Homeland Security Policy Institute at George Washington University in Washington. “We’re not going to have a permanent presence everywhere.”

U.S. officials note that digital files recovered from Osama bin Laden’s compound in Pakistan after he was killed by U.S. Navy SEALs in May included evidence that the Al Qaeda leader had considered an attack on U.S. railways in February 2010. Over the last decade, deadly bombings have hit subways or trains in Moscow; Mumbai, India; Madrid; and London.

But critics say that without a clear threat, the TSA checkpoints are merely political theater. Privacy advocates worry that the agency is stretching legal limits on the government’s right to search U.S. citizens without probable cause — and with no proof that the scattershot checkpoints help prevent attacks.

“It’s a great way to make the public think you are doing something,” said Fred H. Cate, a professor at the Indiana University Maurer School of Law, who writes on privacy and security. “It’s a little like saying, ‘If we start throwing things up in the air, will they hit terrorists?'”